* [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240
@ 2021-04-22 8:09 Changqing Li
2021-04-23 5:54 ` [OE-core] " Anuj Mittal
0 siblings, 1 reply; 4+ messages in thread
From: Changqing Li @ 2021-04-22 8:09 UTC (permalink / raw)
To: openembedded-core
From: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Changqing Li <changqing.li@windriver.com>
---
.../gdk-pixbuf/CVE-2021-20240.patch | 40 +++++++++++++++++++
.../gdk-pixbuf/gdk-pixbuf_2.40.0.bb | 1 +
2 files changed, 41 insertions(+)
create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
new file mode 100644
index 0000000000..fe594b24bb
--- /dev/null
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
@@ -0,0 +1,40 @@
+From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00 2001
+From: Emmanuele Bassi <ebassi@gnome.org>
+Date: Wed, 1 Apr 2020 18:11:55 +0100
+Subject: [PATCH] Check the memset length argument
+
+Avoid overflows by using the checked multiplication macro for gsize.
+
+Fixes: #132
+
+Upstream-Status: Backported [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e]
+CVE: CVE-2021-20240
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ gdk-pixbuf/io-gif-animation.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-animation.c
+index c9db3c66e..49674fd2e 100644
+--- a/gdk-pixbuf/io-gif-animation.c
++++ b/gdk-pixbuf/io-gif-animation.c
+@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf (GdkPixbufAnimationIter *anim_iter)
+
+ /* If no rendered frame, render the first frame */
+ if (anim->last_frame == NULL) {
++ gsize len = 0;
+ if (anim->last_frame_data == NULL)
+ anim->last_frame_data = gdk_pixbuf_new (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
+ if (anim->last_frame_data == NULL)
+ return NULL;
+- memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, gdk_pixbuf_get_rowstride (anim->last_frame_data) * anim->height);
++ if (g_size_checked_mul (&len, gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
++ memset (gdk_pixbuf_get_pixels (anim->last_frame_data), 0, len);
++ else
++ return NULL;
+ composite_frame (anim, g_list_nth_data (anim->frames, 0));
+ }
+
+--
+GitLab
diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
index 226e1c7b89..f01da32e71 100644
--- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
+++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
@@ -26,6 +26,7 @@ SRC_URI = "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \
file://missing-test-data.patch \
file://CVE-2020-29385.patch \
+ file://CVE-2021-20240.patch \
"
SRC_URI_append_class-target = " \
--
2.17.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240
2021-04-22 8:09 [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240 Changqing Li
@ 2021-04-23 5:54 ` Anuj Mittal
2021-04-23 6:02 ` Changqing Li
0 siblings, 1 reply; 4+ messages in thread
From: Anuj Mittal @ 2021-04-23 5:54 UTC (permalink / raw)
To: changqing.li, openembedded-core
This should be proposed for master too. We're still at 2.40.0 there.
Thanks,
Anuj
On Thu, 2021-04-22 at 16:09 +0800, Changqing Li wrote:
> From: Changqing Li <changqing.li@windriver.com>
>
> Signed-off-by: Changqing Li <changqing.li@windriver.com>
> ---
> .../gdk-pixbuf/CVE-2021-20240.patch | 40
> +++++++++++++++++++
> .../gdk-pixbuf/gdk-pixbuf_2.40.0.bb | 1 +
> 2 files changed, 41 insertions(+)
> create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-
> 2021-20240.patch
>
> diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> 20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> 20240.patch
> new file mode 100644
> index 0000000000..fe594b24bb
> --- /dev/null
> +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
> @@ -0,0 +1,40 @@
> +From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00
> 2001
> +From: Emmanuele Bassi <ebassi@gnome.org>
> +Date: Wed, 1 Apr 2020 18:11:55 +0100
> +Subject: [PATCH] Check the memset length argument
> +
> +Avoid overflows by using the checked multiplication macro for gsize.
> +
> +Fixes: #132
> +
> +Upstream-Status: Backported
> [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e
> ]
> +CVE: CVE-2021-20240
> +
> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> +---
> + gdk-pixbuf/io-gif-animation.c | 6 +++++-
> + 1 file changed, 5 insertions(+), 1 deletion(-)
> +
> +diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-
> animation.c
> +index c9db3c66e..49674fd2e 100644
> +--- a/gdk-pixbuf/io-gif-animation.c
> ++++ b/gdk-pixbuf/io-gif-animation.c
> +@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf
> (GdkPixbufAnimationIter *anim_iter)
> +
> + /* If no rendered frame, render the first frame */
> + if (anim->last_frame == NULL) {
> ++ gsize len = 0;
> + if (anim->last_frame_data == NULL)
> + anim->last_frame_data = gdk_pixbuf_new
> (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
> + if (anim->last_frame_data == NULL)
> + return NULL;
> +- memset (gdk_pixbuf_get_pixels (anim-
> >last_frame_data), 0, gdk_pixbuf_get_rowstride (anim-
> >last_frame_data) * anim->height);
> ++ if (g_size_checked_mul (&len,
> gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
> ++ memset (gdk_pixbuf_get_pixels (anim-
> >last_frame_data), 0, len);
> ++ else
> ++ return NULL;
> + composite_frame (anim, g_list_nth_data (anim-
> >frames, 0));
> + }
> +
> +--
> +GitLab
> diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> index 226e1c7b89..f01da32e71 100644
> --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> @@ -26,6 +26,7 @@ SRC_URI =
> "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
>
> file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \
> file://missing-test-data.patch \
> file://CVE-2020-29385.patch \
> + file://CVE-2021-20240.patch \
> "
>
> SRC_URI_append_class-target = " \
>
>
>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240
2021-04-23 5:54 ` [OE-core] " Anuj Mittal
@ 2021-04-23 6:02 ` Changqing Li
2021-04-23 6:14 ` Anuj Mittal
0 siblings, 1 reply; 4+ messages in thread
From: Changqing Li @ 2021-04-23 6:02 UTC (permalink / raw)
To: Mittal, Anuj, openembedded-core
On 4/23/21 1:54 PM, Mittal, Anuj wrote:
> [Please note: This e-mail is from an EXTERNAL e-mail address]
>
> This should be proposed for master too. We're still at 2.40.0 there.
>
> Thanks,
>
> Anuj
I plan to upgrade gdk-pixbuf on master to 2.42.6, which already fix
this CVE.
>
> On Thu, 2021-04-22 at 16:09 +0800, Changqing Li wrote:
>> From: Changqing Li <changqing.li@windriver.com>
>>
>> Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> ---
>> .../gdk-pixbuf/CVE-2021-20240.patch | 40
>> +++++++++++++++++++
>> .../gdk-pixbuf/gdk-pixbuf_2.40.0.bb | 1 +
>> 2 files changed, 41 insertions(+)
>> create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-
>> 2021-20240.patch
>>
>> diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
>> 20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
>> 20240.patch
>> new file mode 100644
>> index 0000000000..fe594b24bb
>> --- /dev/null
>> +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-20240.patch
>> @@ -0,0 +1,40 @@
>> +From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17 00:00:00
>> 2001
>> +From: Emmanuele Bassi <ebassi@gnome.org>
>> +Date: Wed, 1 Apr 2020 18:11:55 +0100
>> +Subject: [PATCH] Check the memset length argument
>> +
>> +Avoid overflows by using the checked multiplication macro for gsize.
>> +
>> +Fixes: #132
>> +
>> +Upstream-Status: Backported
>> [https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e
>> ]
>> +CVE: CVE-2021-20240
>> +
>> +Signed-off-by: Changqing Li <changqing.li@windriver.com>
>> +---
>> + gdk-pixbuf/io-gif-animation.c | 6 +++++-
>> + 1 file changed, 5 insertions(+), 1 deletion(-)
>> +
>> +diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-
>> animation.c
>> +index c9db3c66e..49674fd2e 100644
>> +--- a/gdk-pixbuf/io-gif-animation.c
>> ++++ b/gdk-pixbuf/io-gif-animation.c
>> +@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf
>> (GdkPixbufAnimationIter *anim_iter)
>> +
>> + /* If no rendered frame, render the first frame */
>> + if (anim->last_frame == NULL) {
>> ++ gsize len = 0;
>> + if (anim->last_frame_data == NULL)
>> + anim->last_frame_data = gdk_pixbuf_new
>> (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
>> + if (anim->last_frame_data == NULL)
>> + return NULL;
>> +- memset (gdk_pixbuf_get_pixels (anim-
>>> last_frame_data), 0, gdk_pixbuf_get_rowstride (anim-
>>> last_frame_data) * anim->height);
>> ++ if (g_size_checked_mul (&len,
>> gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
>> ++ memset (gdk_pixbuf_get_pixels (anim-
>>> last_frame_data), 0, len);
>> ++ else
>> ++ return NULL;
>> + composite_frame (anim, g_list_nth_data (anim-
>>> frames, 0));
>> + }
>> +
>> +--
>> +GitLab
>> diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
>> b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
>> index 226e1c7b89..f01da32e71 100644
>> --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
>> +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
>> @@ -26,6 +26,7 @@ SRC_URI =
>> "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
>>
>> file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch \
>> file://missing-test-data.patch \
>> file://CVE-2020-29385.patch \
>> + file://CVE-2021-20240.patch \
>> "
>>
>> SRC_URI_append_class-target = " \
>>
>>
>>
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [OE-core] [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240
2021-04-23 6:02 ` Changqing Li
@ 2021-04-23 6:14 ` Anuj Mittal
0 siblings, 0 replies; 4+ messages in thread
From: Anuj Mittal @ 2021-04-23 6:14 UTC (permalink / raw)
To: changqing.li, openembedded-core
On Fri, 2021-04-23 at 14:02 +0800, Changqing Li wrote:
>
> On 4/23/21 1:54 PM, Mittal, Anuj wrote:
> > [Please note: This e-mail is from an EXTERNAL e-mail address]
> >
> > This should be proposed for master too. We're still at 2.40.0
> > there.
> >
> > Thanks,
> >
> > Anuj
> I plan to upgrade gdk-pixbuf on master to 2.42.6, which already fix
> this CVE.
Great, thanks!
> >
> > On Thu, 2021-04-22 at 16:09 +0800, Changqing Li wrote:
> > > From: Changqing Li <changqing.li@windriver.com>
> > >
> > > Signed-off-by: Changqing Li <changqing.li@windriver.com>
> > > ---
> > > .../gdk-pixbuf/CVE-2021-20240.patch | 40
> > > +++++++++++++++++++
> > > .../gdk-pixbuf/gdk-pixbuf_2.40.0.bb | 1 +
> > > 2 files changed, 41 insertions(+)
> > > create mode 100644 meta/recipes-gnome/gdk-pixbuf/gdk-
> > > pixbuf/CVE-
> > > 2021-20240.patch
> > >
> > > diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> > > 20240.patch b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> > > 20240.patch
> > > new file mode 100644
> > > index 0000000000..fe594b24bb
> > > --- /dev/null
> > > +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf/CVE-2021-
> > > 20240.patch
> > > @@ -0,0 +1,40 @@
> > > +From 086e8adf4cc352cd11572f96066b001b545f354e Mon Sep 17
> > > 00:00:00
> > > 2001
> > > +From: Emmanuele Bassi <ebassi@gnome.org>
> > > +Date: Wed, 1 Apr 2020 18:11:55 +0100
> > > +Subject: [PATCH] Check the memset length argument
> > > +
> > > +Avoid overflows by using the checked multiplication macro for
> > > gsize.
> > > +
> > > +Fixes: #132
> > > +
> > > +Upstream-Status: Backported
> > > [
> > > https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/086e8adf4cc352cd11572f96066b001b545f354e
> > > ]
> > > +CVE: CVE-2021-20240
> > > +
> > > +Signed-off-by: Changqing Li <changqing.li@windriver.com>
> > > +---
> > > + gdk-pixbuf/io-gif-animation.c | 6 +++++-
> > > + 1 file changed, 5 insertions(+), 1 deletion(-)
> > > +
> > > +diff --git a/gdk-pixbuf/io-gif-animation.c b/gdk-pixbuf/io-gif-
> > > animation.c
> > > +index c9db3c66e..49674fd2e 100644
> > > +--- a/gdk-pixbuf/io-gif-animation.c
> > > ++++ b/gdk-pixbuf/io-gif-animation.c
> > > +@@ -412,11 +412,15 @@ gdk_pixbuf_gif_anim_iter_get_pixbuf
> > > (GdkPixbufAnimationIter *anim_iter)
> > > +
> > > + /* If no rendered frame, render the first frame */
> > > + if (anim->last_frame == NULL) {
> > > ++ gsize len = 0;
> > > + if (anim->last_frame_data == NULL)
> > > + anim->last_frame_data = gdk_pixbuf_new
> > > (GDK_COLORSPACE_RGB, TRUE, 8, anim->width, anim->height);
> > > + if (anim->last_frame_data == NULL)
> > > + return NULL;
> > > +- memset (gdk_pixbuf_get_pixels (anim-
> > > > last_frame_data), 0, gdk_pixbuf_get_rowstride (anim-
> > > > last_frame_data) * anim->height);
> > > ++ if (g_size_checked_mul (&len,
> > > gdk_pixbuf_get_rowstride (anim->last_frame_data), anim->height))
> > > ++ memset (gdk_pixbuf_get_pixels (anim-
> > > > last_frame_data), 0, len);
> > > ++ else
> > > ++ return NULL;
> > > + composite_frame (anim, g_list_nth_data (anim-
> > > > frames, 0));
> > > + }
> > > +
> > > +--
> > > +GitLab
> > > diff --git a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > index 226e1c7b89..f01da32e71 100644
> > > --- a/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > +++ b/meta/recipes-gnome/gdk-pixbuf/gdk-pixbuf_2.40.0.bb
> > > @@ -26,6 +26,7 @@ SRC_URI =
> > > "${GNOME_MIRROR}/${BPN}/${MAJ_VER}/${BPN}-${PV}.tar.xz \
> > >
> > > file://0006-Build-thumbnailer-and-tests-also-in-cross-builds.patch
> > > \
> > > file://missing-test-data.patch \
> > > file://CVE-2020-29385.patch \
> > > + file://CVE-2021-20240.patch \
> > > "
> > >
> > > SRC_URI_append_class-target = " \
> > >
> > >
> > >
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-04-23 6:14 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-22 8:09 [PATCH][hardknott] gdk-pixbuf: fix CVE-2021-20240 Changqing Li
2021-04-23 5:54 ` [OE-core] " Anuj Mittal
2021-04-23 6:02 ` Changqing Li
2021-04-23 6:14 ` Anuj Mittal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.